To borrow another sentiment from the Wizard of Oz, we’re not in Kansas anymore. It seems the last six months have been filled with news of significant compromises to what was traditionally thought to be secure data exchanges and data stores. Even security companies have suffered from advanced persistent and evolving attacks resulting in compromise, which highlights a need to evaluate the type of security controls in place and the sensitivity of data these controls are protecting. With these threats combined with regulatory pressures, increased cyber-terrorism and waning consumer confidence, layered security is no longer a nice to have – it is a must.

“A layered security approach is always best.” While OTP systems “raise the bar for the criminals,” they were already vulnerable to compromise. “Maybe this incident will wake up companies to the need for more controls than just OTP authentication.”

I couldn’t agree more. A layered security approach begins with evaluating the sensitivity of information that needs to be protected. Username and password are no longer acceptable as “good enough” security. While OTP, from an authentication standpoint is a significant step-up compared to static username and password, certificate-based authentication raises the bar even further. Certificate-based authentication should be employed when protecting sensitive information and it enables a wide range of security services in the process (document or transaction signing, email encryption, etc.). See my blog from last week on this topic here.

From four-wheeled mobile offices to driverless cars and even windshields with integrated Google Glass, the possibilities to enhance transportation and improve our way of life are endless. As with most…